vncpasswd(1) - Linux man page
It has a method that is designed to help with the exact scenario. All this is by design, and is not therefore necessarily a security issue. What am I doing wrong?
SecureString Well, that was less than illuminating… What if I try the Length property? If you move your mouse around a bit and get that bar to be orange or better, it uses a better random number generation technique, and that will generate even better passwords. After that, nobody and never will be able to restore files.
We remind you that the sooner you do, the more chances are left to recover the files.
For an automated installation project at work I needed to set the password to a VNC server running on Windows. For good reason the server's password is not stored in the clear, but rather as a weakly encrypted version. Even trained chimps are expensive these days and tend to around when bored. No one will be around to bring up the window and type it in by hand. It's a shame to waste time on such a thing because the program really should support it at the command line. After a few hours of googling and combing forums for answers, I gave up and hacked together something myself. I'll squeeze the good parts in here. This is what I needed for work. It could be saved to the registry directly with Python, but I've opted to keep these parts of the program separate. It is easy to use. Python saves the day again. I'm sure a few minutes from now I'll find someone already solved it.
Anonymous: Thanks for posting this! Just tried it out and noticed it didn't work for passwords longer than 8 chars out of the box (the fact it hasn't been brought up before means everyone is using passwords less than 8 chars long!?). Compared to the hash generated by real VNC, realized they are chopping the pass into 8-char segments, and process one part at a time, then recombined.
Currently it stores over 500 billion (not million) entries, and will explode to at least 2 trillion within the year. The password must be at least six characters long (unless the -f command-line option is used; see below), and only the first eight characters are significant. It is already set up to work; and therefore, it is easy to use. I can at least write code that checks the length of the password and provides some sort of feedback to users regarding the length of the password they supply. Although not directly, it is possible to perform a reverse lookup.